Jo Assistant
Senior Member
- Jun 20, 2014
- 195
- 197
To Tanzanian Banks, financial institutions and firms, public and private institutions, and all government authorities:
"There are four big threats to the world and to the human race. One of them we've just experienced, that's the pandemic. Then you've got weapons of mass destruction. You've got climate change. But barreling down towards us before those is cyber." - Misha Glenny (Cybersecurity Expert, IWM Vienna).
Due to the recent and ongoing situation in the internet and cyber world at large in Tanzania, it is important for you to be aware of the following, have a full grasp of the situation, take measures, and be prepared of what's coming ahead.
Billion Dollar Heist:
The story of one of the most daring cyber heists of all time, the Bangladeshi Central Bank theft. Tracing the origins of cyber-crime, from basic turn of the millennium credit card fraud by individuals to wildly complex, global criminal organizations.
[Excerpt from "Billion Dollar Heist (2023)" Documentary film]
".....We've had Stuxnet blowing up the Natanz centrifuge plant. We've had ransomware attacks, which hit the Eastern Seaboard. There was no gas to the Eastern Seaboard for a whole week in the United States. We had Russia against the Ukraine, shutting out the power in the middle of winter. We're talking about people losing their lives. We've also had cyber-attacks that potentially affected US elections. We had the healthcare in the UK brought down, dialysis machines no longer working.
This is an extremely fragile situation, much more fragile than the period of détente, because so many more countries have these weapons. Malware is much more difficult to control than nuclear weapons. Everyday there are thousands of cyber-attacks and we're just getting more and more inured to them. It's like a plague. I think we'll see much more hostile cyber activity, much more cyber back robberies, much more cyber espionage. We'll see much more cyber war. In many ways, I think we've seen nothing yet. As attacks increase in their sophistication and their range, then the impact can be ever greater. There is a cyber-attack on critical national national infrastructure coming to a place near you within the next five to ten years. If it's done well, and if it's really malicious, that could be catastrophic.
What's amazing about the Bank of Bangladesh heist is they almost walked away with $1 billion. The mistakes that they made that led to them only walking with $81 million were literally a typo in a name and potentially not being patient enough, waiting just one more hour. We could be telling a completely different story. Presumably, these guys kept perhaps 95 percent of that cash. You could still walk out with 95 percent of what you came in with, have no nobody trace that money, no record of it whatsoever, and get on a plane with it, and you're home free. Even if you had invested a year's work, that you had recruited a really decent set of hackers, that you had corrupted bank officials, you'll be looking at a profit of about $75 million. For a year's work, not a bad pay-off.
The Bank of Bangladesh heist showed them what was possible. They proved that they could do it. After that attack it didn't stop. We saw continued attacks on various banks across Asia, I think in the Philippines again. And also, they started hacking the cryptocurrency exchanges, where people store their Bitcoin and Monero digital currency, which has proved to be incredibly lucrative for them.
In 2017, Lazarus was thought to have successfully attacked at least five Asian cryptocurrency exchanges. That's a total of $571 million that was lost.
Cryptocurrency exchanges just have the bare minimum of security, we're learning now.
In 2020, as the global pandemic spiralled, AstraZeneca, makers of one of the key vaccines, was hit by an attack, extorting the company and stealing sensitive information for profit. The sums involved are astronomical, and Lazarus is still very much at large. They have been designated by the United States an APT; that's an Advanced Persistent Threat. Now, the fundamental criteria is that they represent a threat to US national security and national infrastructure. So, just by dint of it being called an APT means that the Lazarus Group is serious stuff.
Marvel fans, think HYDRA. James Bond films, think of SPECTRE. It's something like that.
Now it's tempting to think this comparison is absurd, but this is the scale that Lazarus operates on. Arguably, they're the most potent cyber criminals in business today. So the nation state's involvement in cybercrime means that cyber crime has actually morphed into cyber warfare.
You can have zero trust in these systems. You need to assume that everything has been broken, everything is being listened to, that everything can be captured, and operate accordingly.
If a small group can plan something and get away with $81 million, which involved the Fed in New York, SWIFT in Brussels, the Bangladesh Bank in Dhaka, and then all the peripherals in Manila, just think about what one of the really professional operations in China, Russia, the NSA, GCHQ, just think what havoc they could wreck. And every year, the hacks get bigger, the damage greater, the implications graver. Armies literally have hackers hammering at the gates. And it just takes a simple breach, one person, one weak link, and those armies will storm the defences and bring down a network that our way of life depends on. It happened in Bangladesh in 2016. And believe you me, it's going to happen again very soon."
NB: Since there has been increasing negligence and ignorance about cybercrime in Tanzania, I humbly advise my fellow Tanzanians to watch the "Billion Dollar Heist (2023)" documentary and learn essential lessons before cybercrime escalates in the country.
"There are four big threats to the world and to the human race. One of them we've just experienced, that's the pandemic. Then you've got weapons of mass destruction. You've got climate change. But barreling down towards us before those is cyber." - Misha Glenny (Cybersecurity Expert, IWM Vienna).
Due to the recent and ongoing situation in the internet and cyber world at large in Tanzania, it is important for you to be aware of the following, have a full grasp of the situation, take measures, and be prepared of what's coming ahead.
Billion Dollar Heist:
The story of one of the most daring cyber heists of all time, the Bangladeshi Central Bank theft. Tracing the origins of cyber-crime, from basic turn of the millennium credit card fraud by individuals to wildly complex, global criminal organizations.
[Excerpt from "Billion Dollar Heist (2023)" Documentary film]
".....We've had Stuxnet blowing up the Natanz centrifuge plant. We've had ransomware attacks, which hit the Eastern Seaboard. There was no gas to the Eastern Seaboard for a whole week in the United States. We had Russia against the Ukraine, shutting out the power in the middle of winter. We're talking about people losing their lives. We've also had cyber-attacks that potentially affected US elections. We had the healthcare in the UK brought down, dialysis machines no longer working.
This is an extremely fragile situation, much more fragile than the period of détente, because so many more countries have these weapons. Malware is much more difficult to control than nuclear weapons. Everyday there are thousands of cyber-attacks and we're just getting more and more inured to them. It's like a plague. I think we'll see much more hostile cyber activity, much more cyber back robberies, much more cyber espionage. We'll see much more cyber war. In many ways, I think we've seen nothing yet. As attacks increase in their sophistication and their range, then the impact can be ever greater. There is a cyber-attack on critical national national infrastructure coming to a place near you within the next five to ten years. If it's done well, and if it's really malicious, that could be catastrophic.
What's amazing about the Bank of Bangladesh heist is they almost walked away with $1 billion. The mistakes that they made that led to them only walking with $81 million were literally a typo in a name and potentially not being patient enough, waiting just one more hour. We could be telling a completely different story. Presumably, these guys kept perhaps 95 percent of that cash. You could still walk out with 95 percent of what you came in with, have no nobody trace that money, no record of it whatsoever, and get on a plane with it, and you're home free. Even if you had invested a year's work, that you had recruited a really decent set of hackers, that you had corrupted bank officials, you'll be looking at a profit of about $75 million. For a year's work, not a bad pay-off.
The Bank of Bangladesh heist showed them what was possible. They proved that they could do it. After that attack it didn't stop. We saw continued attacks on various banks across Asia, I think in the Philippines again. And also, they started hacking the cryptocurrency exchanges, where people store their Bitcoin and Monero digital currency, which has proved to be incredibly lucrative for them.
In 2017, Lazarus was thought to have successfully attacked at least five Asian cryptocurrency exchanges. That's a total of $571 million that was lost.
Cryptocurrency exchanges just have the bare minimum of security, we're learning now.
In 2020, as the global pandemic spiralled, AstraZeneca, makers of one of the key vaccines, was hit by an attack, extorting the company and stealing sensitive information for profit. The sums involved are astronomical, and Lazarus is still very much at large. They have been designated by the United States an APT; that's an Advanced Persistent Threat. Now, the fundamental criteria is that they represent a threat to US national security and national infrastructure. So, just by dint of it being called an APT means that the Lazarus Group is serious stuff.
Marvel fans, think HYDRA. James Bond films, think of SPECTRE. It's something like that.
Now it's tempting to think this comparison is absurd, but this is the scale that Lazarus operates on. Arguably, they're the most potent cyber criminals in business today. So the nation state's involvement in cybercrime means that cyber crime has actually morphed into cyber warfare.
You can have zero trust in these systems. You need to assume that everything has been broken, everything is being listened to, that everything can be captured, and operate accordingly.
If a small group can plan something and get away with $81 million, which involved the Fed in New York, SWIFT in Brussels, the Bangladesh Bank in Dhaka, and then all the peripherals in Manila, just think about what one of the really professional operations in China, Russia, the NSA, GCHQ, just think what havoc they could wreck. And every year, the hacks get bigger, the damage greater, the implications graver. Armies literally have hackers hammering at the gates. And it just takes a simple breach, one person, one weak link, and those armies will storm the defences and bring down a network that our way of life depends on. It happened in Bangladesh in 2016. And believe you me, it's going to happen again very soon."
NB: Since there has been increasing negligence and ignorance about cybercrime in Tanzania, I humbly advise my fellow Tanzanians to watch the "Billion Dollar Heist (2023)" documentary and learn essential lessons before cybercrime escalates in the country.